Controls Design & Policy Framework Mgr - Info Sec (Snr Role)

Adam Appointments
05 Dec 2017
10 Dec 2017
Contract Type
Full Time
We are recruiting for a fantastic opportunity in the Information Security Risk function of a leading global financial services organisation. Joining this new team as one of the first Scottish team hires, your role will involve leading on the design, development and implementation of the ISR Control Design & Policy Framework, ensuring information and cyber security policies are focused on reducing the top risks. You'll design policies and controls leading on the revision of all information and cyber security policies to align with the risk strategy, Operational Risk Framework and industry best practice, and drive framework implementation engaging senior stakeholders to ensure policies are articulated and understood across the business This pivotal role will give excellent visibility across Group Executives and senior management fora, inputting to policy definition and implementation across the business. Key responsibilities of this role include: - Leading on the review and revision of all information and cyber security policies to align with the risk strategy, ORMF and industry best practice - including writing new policies where necessary - Engaging senior stakeholders through the framework, ensuring policies are articulated and understood across the business - Monitoring policies to ensure they remain ‘fit for purpose’ - Maintaining and supporting the Policy and Risk & Control Libraries - Providing Advice/Guidance/Clarification on adhering to the ISR Policies - Operating in a global environment as part of a team of resources collaborating as needed with the other ISR teams and the global businesses/functions - Delivery of a number of high-profile and critical deliverables that will require the input and collaboration of a large set of senior stakeholders within ISR and across the bank We're looking for candidates with: - Strong Risk Management experience - Knowledge of Information Security Risk policies and standards - An ability to articulate meaning of policies to a variety of stakeholder groups - An understanding of the Operational Risk framework, in particular RCAs and the RCL - Skills to undertake analysis and interpretation of information risk related data for various areas in order to inform the definition of new policies and policy updates - Expertise in a relevant area i.e. Information Security, IT Audit or Risk related activities - An ability to explain information security risks clearly and in non-technical language to the business and how these apply to them - Good technical writing skills to allow policies to be presented clearly, concisely and consistently. - Strong interpersonal skills to build and maintain relationships with a wide range of business stakeholders, even when conveying difficult messages - Ability to work comfortably in a matrix management environment Please contact Lucy Adam, Director to discuss the role in confidence. Adam Appointments is the only Scottish agency specialising exclusively in Corporate Governance recruitment.